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--BACKGROUND OF THE INVENTION-. 





Please'feplace the^aragraph beginning on page 1, tine 10 and ending on page 1, 
line 25, with the following paragraph: 

- -Encryption is a security technology designed to preserve the privacy and 
confidentiality of sensitive data that is being stored or transmitted. Sensitive data is routinely 
stored unencrypted on desktop computers, workstations, notebooks, personal digital assistants 
(PDAs), cellular telephones, and the like. The hard drives of notebooks are especially at risk 
as the computers are frequently used in non-secure environments and may be relatively easily 
removed by an unauthorized user. Computer hard drives may contain strategic data, patent 
applications, patent drawings, litigation documents, consumer lists, private health care 
information, payroll data and other types of sensitive data. Users frequently store 
unencrypted passwords and access codes to corporate networks on notebooks, which may 
compromise corporate network security. Statistics compiled annually by the FBI show that 
network security breaches are to a significant extent being perpetrated by employees or 
contractors who have or can gain access to sensitive data on an intranet. Moreover, 
unattended desktop PCs become frequent targets for unauthorized users attempting to gain 
illicit entry into a private network.— 



Please replace the paragraph beginning on -page 1, line 26 and ending on page 2, 
line 12, with the following paragraph: 

—Comparatively few cryptographic applications have been developed to protect data, 
with most of the applications being software-based applications adapted to perform file-level 
cryptography. File-level cryptography can also be done by various hardware devices such as 
PCMCIA cards or external ASIC-based devices. On the surface, encrypting only selected 
files instead of entire hard drives seems to make sense since not all data is confidential. 
However, file cryptography is inherently slow because the entire file must be decrypted 
before any portion of the file can be presented to the user. Also, file encryption normally 
ignores the temporary and swap files that are automatically created and stored in clear text on 
the hard drive. Worse still, file encryption frequently results in compromised overall system 
performance, and requires manual intervention by users who may become confused and 
frustrated by the number of requisite interactive steps embedded in the application. From an 
organizational point of view, the lack of automatic and transparent cryptographic operation 
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makes it inherently difficult to enforce data security policies on computers, mobile 
communication devices and networks alike. Furthermore, the level of security attainable with 
file-level cryptography is questionable, since file encryption programs run under the control 
of the computer operating system (OS) and the OS lacks sufficient access control. If an 
^ unauthorized user were capable of subverting the OS, subverting the file-level cryptography 
^ r application would be entirely feasible as well. Although PCMCIA encryption cards and 

external ASIC encryption devices have been designed to provide greater key security and to 
improve performance, these devices have had only marginal success and suffer from a variety 
of compatibility issues. It, therefore, becomes increasingly clear that conventional 
cryptography applications are not suitable for organizations and/or individuals requiring 
optimized security, convenience and uncompromised system performance.- 



id^tTthe paragraph b^nni] 



Please dtfete the paragraph beginning on page 2, line 13 and ending on page 2, 
line 16, in its entirety. 



Please replace the sub-heading on page 2, line 18, with the following sub-heading: 

-SUMMARY OF THE INVENTION-. 

Please ^efrface the paragr^phbeginning on page 2, line 19 antfending on page 2, 
line 22, with the following paragraph: 

-The present invention is generally directed to a cryptographic device adapted to 
perform data encryption and decryption on at least one data stream flowing between at least 
one data generating device and at least one data storage device without compromising overall 
system performance.— 



Please repine tfitf paragraph beginning on page 2, line 23 antfending on page 3, 
line 2, with the following paragraph: 

—In one embodiment of the present invention, the cryptographic device is adapted to 
intercept at least one data stream flowing between the data generating device and the data 
storage device, and transparently perform data encryption and decryption in accordance with 
^ the intercepted data stream. 



Please replatfethe paragraph beginnin^on page 3, line 3 and^fiding on page 3, 
line 10, with the following paragraph: 
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~ In another embodiment of the present invention, the cryptographic device 
comprises a data stream interceptor, a main controller receiving input from the data stream 
interceptor, a data generating controller adapted to perform at least one data transfer protocol 
with the data generating device on command from the main controller, a data storage 
controller adapted to perform at least one data transfer protocol with the data storage device 
on command from the main controller, and a cipher engine adapted to transparently encrypt 
and decrypt data streams flowing between the data generating device and the data storage 
device on command from the main controller.-- 



Please delate the paragraph beginning on page 3, line 11 and ending on page 3, 
line 13, in its entirety. 



Please delate the paragraph beginning on page 3, line 14 and ending on page 3, 
line 19, in its entirety. 

Please repltfcetiie paragraph beginning on page^line 21 and ending on page 3, 
line 22, with the following paragraph: 

—These and other aspects of the present invention will become apparent from a 
review of the accompanying drawings and the following detailed description of the present 
invention.-- 



Please replace the sub-heading on pfige 3, line 24, with the following sub-heading: 

A? -BRIEF DESCRIPTION OF THE DRAWINGS-. A j u ^ 



Please replace the paragraph beginning onpatge 3, line 25 and ending on page 3, 
line 26, witlvthe following paragraph: 

—The invention is best understood from the following detailed description when read 
in conjunction with the accompanying drawings. It is emphasized that, according to common 
practice, the various features of the drawings are not to scale with dimensions of the various 
features being arbitrarily expanded or reduced for clarity. Like numerals denote like features 
throughout the specification and drawings in which: ~ 



Please r^face the paragraph beginning on page 3, line 27 and ending on page 3, 
line 28, with the following paragraph: 
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—Figure 1 schematically depicts a cryptographic device operatively coupled between 
a data generating device and a data storage device for use during data transfer;- 



Please replace the paragraph beginning on page 3, line 29 and ending on page 4, 
line 2, with the following paragraph: 

A -Figure 2 schematically depicts a data storage device with an integral cryptographic 
I device operatively coupled to a data generating device for use during data transfer;— 

Please replace th^paragraph beginning^mpage 4, line 3 and ending on page 4, 
line 5, with the following paragraph: 



-Figure 3 schematically depicts a data generating device with an integral 
cryptographic device operatively coupled to a data storage device for use during data transfer; 
and- 
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Please rep&ce the paragraph beginning on page 4, line 6 and ending on page 4, 
line 8, with the following paragraph: 

—Figure 4 schematically depicts the architecture of a cryptographic device in 
accordance with the present invention.- 




Please detefethe paragraph beginning on page 4, ling^and ending on page 4, 
line 11, in its entirety. 



Please replace f he sub-heading on page 4, lincfT3, with the following sub-heading: 



-DETAILED DESCRIPTION OF THE INVENTION-. 



Please repta£ethe paragraph beojtfnmgon page 4, line 14"and ending on page 4, 
line 21, with the following paragraph: 

—Some embodiments of the present invention are described in detail with reference to 
p\ \fy the related drawings of Figures 1 - 4. Additional embodiments, features and/or advantages of 

the invention will become apparent from the ensuing description or may be learned by 
practicing the invention.— 
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Please repWce the paragraph beginning on page 4, line 22 and ending on page 5, 
line 7, with the following-paragraph: 

-Figure 1 schematically depicts a cryptographic device 12 operatively coupled 
between a data generating device 13 and a data storage device 1 1 for use during data transfer. 
In general, data generating device 13 may be a desktop/notebook computer, microprocessor, 
hub, router, mobile computing device, interface card, or any other device capable of 
generating data, while data storage device 1 1 may be a computer hard drive, tape drive, 
floppy diskette, compact disk drive, magnetic optical drive, digital video recorder, flash 
memory card, magnetic tape, compact disk (CD), CD-RW, CD+RW, CD-R, digital versatile 
disk, PCMCIA card, or any other device capable of storing data for retrieval purposes. 
Cryptographic device 12 is adapted to perform data encryption/decryption during data 
transfers between data generating device 13 and data storage device 1 1 without 
compromising the overall system performance. Specifically, cryptographic device 12 does 
not utilize resources typically associated with data generating device 13, such as CPU, 
DRAM, or other system resources during data transfers between data generating device 13 
and data storage device 11. From the functional viewpoint of data generating device 13 
and/or data storage device 1 1, data transfers are being performed directly between data 
generating device 13 and/or data storage device 11, respectively, without any intervention by 
cryptographic device 12. In general, cryptographic device 12 acts as an "invisible" data 
transfer bridge connecting data generating device 13 and data storage device 11. 
Cryptographic device 12 may be implemented in any suitable stand-alone hardware form 
such as a hub or the like. Cryptographic device 12 may also be implemented as a designated 
data transfer interface adapted to use various data communication protocols in network 
applications such as local area networks (LANs), wide area networks (WANs), and the like.— 



Please delete the paragraph beginning on page 5,1me 8 and ending on page 5, 
line 18, in its entirety. 



Please replace the paragraph beginning'on page 5, line 19 and ending on page 6, 
line 6, with the following paragraph: 

-Figure 2 schematically depicts a data storage device 21 with an integral 
cryptographic device 22 being operatively coupled to a data generating device 23 for use 
during data transfer. Cryptographic device 22 may be integrated in ASIC chip form on the 
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front end of the data transfer interface (not shown) of data storage device 21 without any 



modification of dataflow control hardware, drivers or data storage device 21 itself. The data 
transfer interface may be in the form of Socket, IDE, PCI, 1394, SCSI, PCMCIA, USB or any 
other suitable data transfer interface. In general, data generating device 23 may be a 
desktop/notebook computer, microprocessor, hub, router, mobile computing device, interface 
card, or any other device capable of generating data. Data storage device 21 may be a 



computer hard drive, tape drive, floppy diskette, compact disk drive, magnetic optical drive, 
digital video recorder, flash memory card, magnetic tape, compact disk (CD), CD-RW, 
CD+RW, CD-R, digital versatile disk, PCMCIA card, or any other device capable of storing 
data for retrieval purposes. Cryptographic device 22 is programmed to perform transparently 
data encryption/decryption during data transfers between data generating device 23 and data 
storage device 21 without compromising the overall system performance. From the functional 
viewpoint of data generating device 23, data transfer is being performed directly with data 
storage device 21 without any apparent intervention by integral cryptographic device 22.— 



Please replace the paragraph beginning on page 6, line 7 and ending on page 6, 



—Figure 3 schematically depicts a data generating device 33 with an integral 
cryptographic device 32 being operatively coupled to a data storage device 3 1 for use during 
data transfer. Cryptographic device 32 may be integrated in ASIC chip form on the front end 
of the data transfer interface (not shown) of data generating device 33 without any 
modification to dataflow control hardware, drivers or data generating device 33 itself. The 
data transfer interface may be in the form of Socket, IDE, PCI, 1394, SCSI, PCMCIA, USB 
or any other suitable data transfer interface. In general, data generating device 33 may be a 
desktop/notebook computer, microprocessor, hub, router, mobile computing device, interface 
card, or any other device capable of generating data. Data storage device 3 1 may be a 
computer hard drive, tape drive, floppy diskette, compact disk drive, magnetic optical drive, 
digital video recorder, flash memory card, magnetic tape, compact disk (CD), CD-RW, 
CD+RW, CD-R, digital versatile disk, PCMCIA card, or any other device capable of storing 
data for retrieval purposes. Cryptographic device 32 is programmed to perform transparently 
data encryption/decryption during data transfers between data generating device 33 and data 
storage device 3 1 without compromising the overall system performance. From the functional 






line 18, with tbcfollowing paragraph: 
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viewpoint of data storage device 3 1 , data transfer is being performed directly with data 
^ generating device 33 without any apparent intervention by integral cryptographic device 32.- 



Please replace the paragraph beginning^n page 6, line 19 and ending on page 7, 
line 1, with the following paragraph: 

—Figure 4 depicts schematically the architecture of a cryptographic device 43 in 
accordance with the present invention. In the embodiment of Figure 4, cryptographic device 
43 is shown operatively coupled between a data generating device 41 and a data storage 
device 42 for use during data transfer. In general, data generating device 41 may be a 
desktop/notebook computer, microprocessor, hub, router, mobile computing device, interface 
card, or any other device capable of generating data. Data storage device 42 may be a 
computer hard drive, tape drive, floppy diskette, compact disk drive, magnetic optical drive, 
digital video recorder, flash memory card, magnetic tape, compact disk (CD), CD-RW, 
CD+RW, CD-R, digital versatile disk, PCMCIA card, or any other device capable of storing 
data for retrieval purposes. Cryptographic device 43 may be implemented in any suitable 
hardware form. Cryptographic device 43 is adapted to perform transparently data encryption 
and decryption during data transfers between data generating device 41 and data storage 
device 42 with no impact on overall system performance.— 



Please replaceflieparagraph beginning on page 7, line 2 and ending on page 7, 
line 31, with the following paragraph: 

—As generally illustrated in Figure 4, cryptographic device 43 comprises a data 
stream interceptor 431 which is operatively coupled to a main controller 432. Main controller 
432 communicates control signals to a data generating controller 433, a data storage 
controller 434, and a cipher engine 436. Main controller 432 receives input from data stream 
interceptor 43 1 and determines whether an incoming data stream, which may include 
command/control and/or data signals, is to be encrypted, decrypted or passed through 
unmodified. In this regard, data stream interceptor 431 is adapted to distinguish between 
command/control and data signal transfers. Specifically, interceptor 431 is configured to pass 
through certain command/control signals via a bypass data path 44, and intercept other 
command/control signals which are transmitted to main controller 432, as generally depicted 
in Figure 4. Main controller 432 instructs data generating controller 433 and data storage 
controller 434 to perform specific data transfer protocols such as read/write, PIO/DMA, 
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ATA/IDE, PCI, and the like with corresponding peer controllers (not shown) of data 
generating device 41 and data storage device 42, respectively, according to the intercepted 
command/control signals. Main controller 432 also transmits control signals to cipher engine 
436 to notify the same of an incoming data stream. Cipher engine 436 is operatively coupled 
between an input buffer 435 and an output buffer 437, and programmed to transparently 
encrypt/decrypt streaming data during data transfer between data generating device 41 and 
data storage device 42, as generally shown in Figure 4. Input buffer 435 stores pre-encrypted 
and pre-decrypted data, while output buffer 437 stores encrypted and decrypted data, 
respectively. Input buffer 435 receives data from data generating device 41 or data storage 
device 42 depending on the type of data transfer. Output buffer 437 outputs data to data 
generating device 41 or data storage device 42 depending on the type of data transfer. Data 
generating device 41 may include a 1-bit, 8-bit, 16-bit or 32-bit data width interface. Data 
storage device 42 may include a 1-bit, 8-bit, 16-bit or 32-bit data width interface. Cipher 
engine 436 may include a 64-bit, 128-bit or other data width interface depending on the 
ciphering algorithm being used. Input buffer 435 is adapted to convert incoming data width to 
a data width suitable for input to cipher engine 436. Output buffer 437 is adapted to convert 
incoming data width to a data width suitable for output to data storage device 42 or data 
generating device 41. — 

Please replace tfie^paragraph begijHfingon page 7, line 3>£iufending on page 8, 
line 16, with the following paragraph: 

—No resources associated with data generating device 41 or data storage device 42, or 
any other system resources, are being used by cryptographic device 43 during data transfer 
between data generating device 41 and data storage device 42. Cryptographic device 43 
independently and transparently encrypts/decrypts incoming data streams without 
compromising the overall system performance. A person skilled in the art would recognize 
that cryptographic device 43 may be adapted for implementation in network communication 
applications such as those involving LANs, WANs, virtual private networks (VPNs), and the 
Internet.- 
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cet^epar; 



Please replacetne paragraph beginning on page 8, line 17 and ending on page 8, 
line 21, with the following paragraph: 
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